/testing/guestbin/swan-prep --x509
Preparing X.509 files
west #
 certutil -d sql:/etc/ipsec.d -D -n "Libreswan test CA for mainca - Libreswan"
west #
 ipsec start
Redirecting to: systemctl start ipsec.service
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 ipsec whack --impair send-pkcs7-thingie
west #
 ipsec auto --add westnet-eastnet-x509
002 added connection description "westnet-eastnet-x509"
west #
 echo "initdone"
initdone
west #
 ipsec auto --up westnet-eastnet-x509
002 "westnet-eastnet-x509" #1: initiating Main Mode
104 "westnet-eastnet-x509" #1: STATE_MAIN_I1: initiate
106 "westnet-eastnet-x509" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "westnet-eastnet-x509" #1: IMPAIR: sending cert as pkcs7 blob
002 "westnet-eastnet-x509" #1: I am sending a certificate request
108 "westnet-eastnet-x509" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "westnet-eastnet-x509" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
002 "westnet-eastnet-x509" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
003 "westnet-eastnet-x509" #1: Authenticated using RSA
004 "westnet-eastnet-x509" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=aes_256 integ=sha2_256 group=MODP2048}
002 "westnet-eastnet-x509" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
117 "westnet-eastnet-x509" #2: STATE_QUICK_I1: initiate
004 "westnet-eastnet-x509" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive}
west #
 echo done
done
west #
 grep PKCS7 /tmp/pluto.log
|    cert encoding: CERT_PKCS7_WRAPPED_X509 (0x1)
|    cert encoding: CERT_PKCS7_WRAPPED_X509 (0x1)
| saving certificate of type 'PKCS7_WRAPPED_X509' in 0
west #
 ../../pluto/bin/ipsec-look.sh
west NOW
XFRM state:
src 192.1.2.23 dst 192.1.2.45
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
src 192.1.2.45 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
XFRM policy:
src 192.0.1.0/24 dst 192.0.2.0/24
	dir out priority 1042407 ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.1.0/24
	dir fwd priority 1042407 ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.1.0/24
	dir in priority 1042407 ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid REQID mode tunnel
XFRM done
IPSEC mangle TABLES
NEW_IPSEC_CONN mangle TABLES
ROUTING TABLES
default via 192.1.2.254 dev eth1 
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254 
192.0.2.0/24 via 192.1.2.23 dev eth1 
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45 
192.9.4.0/24 dev eth2 proto kernel scope link src 192.9.4.45 
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
east                                                         P,,  
east-ec                                                      P,,  
hashsha2                                                     P,,  
nic                                                          P,,  
north                                                        P,,  
road                                                         P,,  
west                                                         u,u,u
west #
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

